PT-2022-20638 · WordPress · Frontend File Manager Plugin
Raad Haddad · Published 2022-10-03 · Updated 2022-10-04
CVE-2022-3125
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Frontend File Manager Plugin (WordPress plugin), versions prior to 21.3
Description
The issue allows any authenticated user to rename a file to an arbitrary extension, such as PHP, which could enable them to upload arbitrary files to the server and achieve remote code execution.
Recommendations
For versions prior to 21.3, update to version 21.3 or later to resolve the issue.
Exploit
Fix
RCE
Unrestricted File Upload
Affected Products
Frontend File Manager Plugin